
Tips, tricks and scam alerts

By CyberWyoming, Hacker’s Brief 8/2/2024

Direct Deposit Deception: A Jackson citizen reported a phishing attempt where scammers impersonated an employee via a masked email address, requesting to change direct deposit information. The email used the employee’s name and credentials but was sent from a fake address. The citizen almost fell for the scam, but because they use a Professional Employer Organization (PEO) for payroll, they were instructed to direct the request to the PEO’s website, which prevented the scam from succeeding. The scam was detected when the real employee saw the email and confirmed she did not send it. CyberWyoming Note: This incident highlights the risks of email address masking and suggests removing sensitive schedule information from public websites to avoid aiding such scams. Always verify requests to change direct deposit information by contacting the employee directly through trusted channels, like a known phone number or in person, before making any updates.
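For whoever handles payroll mail, the mismatch described above (a real employee's name on an address the employee never used) can be checked automatically; this is an added example, not part of the original brief. The staff directory, the names and the `.test` addresses are constructed placeholders.

```python
from email import message_from_string
from email.utils import parseaddr

# Hypothetical staff directory: display name -> addresses payroll already trusts.
KNOWN_STAFF = {"jane doe": {"jane.doe@example-employer.test"}}

# Constructed sample messages (not taken from the reported incident).
SPOOFED = (
    'From: "Jane Doe" <jane.doe.payroll@mail.example.test>\n'
    "Reply-To: jd-hr@inbox.example.test\n"
    "Subject: Direct deposit update\n"
    "\n"
    "Please switch my direct deposit before Friday.\n"
)
GENUINE = (
    "From: Jane Doe <Jane.Doe@example-employer.test>\n"
    "Subject: Timesheet\n"
    "\n"
    "Attached.\n"
)

def normalize(name):
    """Lower-case and collapse whitespace so 'Jane  Doe' matches 'jane doe'."""
    return " ".join(name.lower().split())

def check_sender(raw_message, directory=KNOWN_STAFF):
    """Return a list of warnings for one raw e-mail message."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    addr, reply_to = addr.lower(), reply_to.lower()
    findings = []
    # The display name is free text chosen by the sender; only the address
    # can be compared against what the employer has on file.
    trusted = directory.get(normalize(name))
    if trusted is not None and addr not in trusted:
        findings.append("staff name on an unknown address: " + addr)
    # A Reply-To that differs from From sends the answer somewhere else.
    if reply_to and reply_to != addr:
        findings.append("replies go to a different address: " + reply_to)
    return findings

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, check_sender(raw))
```

A clean result only means the headers look consistent; the call-back to a known phone number is still the deciding check.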

Best Buy Employment Scam: A Laramie resident received an employment scam text from an unknown number. The message, purportedly from "Amelia at Best Buy Services USA," offered remote online part-time/full-time jobs involving e-commerce data updates and item visibility enhancement. It promised free training with commissions of $30-$80, flexible hours, no location restrictions, and pay rates of $80-$400 per hour. Recipients were instructed to contact a person in charge via RCS by texting a provided number. CyberWyoming Note: Beware of unsolicited job offers that sound too good to be true, especially those promising high pay for minimal work. Always verify the legitimacy of such offers by contacting the company directly through their official website or customer service number. Never share personal information or engage with suspicious contacts without proper verification. 

Doubtful Dilemma: A Laramie citizen received an email that appears to be a scam attempt. The sender claims that their email was hacked, and they were directed to speak to someone posing as a commissioner in Washington DC. The scammer allegedly demanded payment via Walmart gift cards to resolve the issue. The sender is seeking assistance as the scammer has their personal information. The email raises suspicion due to its odd subject line and the fact that it came from a Gmail account despite claiming a Google hack. It's likely a phishing attempt to elicit a response or further engagement from the recipient. CyberWyoming Note: To safeguard against such phishing attempts, individuals should never provide personal information or payment details over the phone or email, especially in response to unsolicited requests. It's essential to verify the identity of the caller or sender through official channels and enable two-factor authentication for email and online accounts to add an extra layer of security. 

Malware via Fake Error Messages: A recent malware campaign tricks users with fake error messages from Google Chrome, Word, and OneDrive. Attackers use compromised websites and emails to show convincing error alerts. Users are told to run PowerShell commands to fix issues, but instead, these commands install malware like DarkGate and Matanbuchus. Despite needing user interaction, these methods effectively deceive users and bypass detection by Windows, aiming to infect many systems. Users should be cautious of error messages, especially those that appear unexpectedly or prompt them to take immediate action. Refrain from copying and running PowerShell commands provided in error messages or pop-ups, especially if they are related to fixing software issues. – Brought to you by Bleeping Computer 

https://www.bleepingcomputer.com/news/security/fake-google-chrome-errors-trick-you-into-running-malicious-powershell-scripts/  

Navigating the Social Media Maze: Social media platforms like Facebook, Instagram, and TikTok are widely used, both personally and by businesses for marketing. To ensure responsible usage, companies should incorporate guidelines into their Acceptable Use Policy or a separate Social Media Policy. These policies should mandate that employee posts represent the company professionally, securely, and ethically, while avoiding the sharing of sensitive company data. Business owners should clearly define prohibited data and penalties for policy violations. Policies should apply to both employees and contractors, covering various social media platforms and their usage during and after work hours. Employees should be required to understand platform Terms of Use and potential policy violations. Utilizing resources like the NCSS Social Media Policy template can aid in crafting effective guidelines, with regular communication being crucial for policy enforcement and adherence.   

– Brought to you by The National Cybersecurity Society 

MS-ISAC and CISA Patch Now Alert: The Multi-State Information Sharing and Analysis Center (MS-ISAC) or the Cybersecurity & Infrastructure Security Agency (CISA) has published a patch now (update your software) alert for Apple products. If you use these products, make sure the software (or firmware) is updated. 

Data Breaches in the News:  

Pinnacle Bank, HealthEquity, Squirrel (A mortgage broking and investment firm), Ezynetic, Neiman Marcus, Ashley Madison, Edelson Lechtzin LLP, Peco Foods Inc, Compex Legal Services Inc, Allcare Medical Management Inc, Taj Hotels, and Gemini (Cryptocurrency exchange) 

Note: If you have an account with any of these companies, be sure to change your password and consider placing a credit freeze on your accounts through the three credit reporting agencies: TransUnion, Experian, and Equifax. 

Please report scams you may experience to phishing@cyberwyoming.org to alert your friends and neighbors. 

Other ways to report a scam: 

Victim Support: The AARP Fraud Watch Network and Volunteers of America (VOA) created a new, free program to provide emotional support for people impacted by a scam or fraud, called ReST. Visit www.aarp.org/fraudsupport to learn more about the free program and register. 
